azure-rest-api-specs
SecurityInsight: Incorrect definition for "Threat Intelligence Alert Rule"
The definition of the threat intelligence alert rule marks the following properties as read-only: description, severity, tactics, etc. When I invoke the following API call:
{"kind":"ThreatIntelligence","properties":{"alertRuleTemplateName":"0dd422ee-e6af-4204-b219-f59ac172e4c6","enabled":true}}
It failed with:
{"error":{"code":"BadRequest","message":"Required property 'severity' not found in JSON. Path 'properties', line 3, position 17."}}
From the portal, I can see the PUT request actually looks like this:
{
  "id": "/subscriptions/xxxx/resourceGroups/acctestrg-sentinel-221011134813007305/providers/Microsoft.OperationalInsights/workspaces/acctestlaw-221011134813007305/providers/Microsoft.SecurityInsights/alertRules/30d16e1a-4ddf-4ffb-a876-7a3da66132f4",
  "name": "30d16e1a-4ddf-4ffb-a876-7a3da66132f4",
  "type": "Microsoft.SecurityInsights/alertRules",
  "kind": "ThreatIntelligence",
  "properties": {
    "enabled": true,
    "alertRuleTemplateName": "0dd422ee-e6af-4204-b219-f59ac172e4c6",
    "description": "This rule generates an alert when a Microsoft Threat Intelligence Indicator gets matched with your event logs. The alerts are very high fidelity.\n\nNote : It is advised to turn off any custom alert rules which match the threat intelligence indicators with the same event logs matched by this analytics to prevent duplicate alerts.",
    "displayName": "(Preview) Microsoft Threat Intelligence Analytics",
    "severity": "Medium",
    "tactics": [
      "Persistence",
      "LateralMovement"
    ],
    "techniques": []
  }
}
Apparently, the swagger and the service behavior do not match.
Blocking the implementation of https://github.com/magodo/terraform-provider-azurerm/tree/sentinel_alert_rule_ti
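The practical consequence of the mismatch described in the issue is that a client cannot rely on the swagger: the service rejects a body that carries only `alertRuleTemplateName` and `enabled`, while the portal's PUT also copies `description`, `displayName`, `severity`, `tactics` and `techniques` out of the template. The following Python is an added example, not code from the issue author, the Terraform provider or the Azure SDK. It reproduces the portal's behaviour offline: it builds the PUT body from a template document and runs a pre-flight check for the properties the observed request carries. The sample template is constructed to match the portal payload above; the resource-ID layout is the one shown in the portal request. The service message names only `severity`, so treating the whole set the portal sends as required is an assumption of this example.

```python
"""Build a Sentinel ThreatIntelligence alert-rule PUT body from a template.

Added example (not from the issue or the provider). It mirrors what the
portal does: copy the template's description, displayName, severity,
tactics and techniques into the PUT body, because the service rejects a
body that carries only alertRuleTemplateName and enabled even though the
swagger marks those properties read-only.
"""
import copy

# Properties the swagger marks read-only but the portal's PUT carries.
# The service error names only 'severity'; requiring all five here is an
# assumption of this example, chosen to match the observed portal request.
TEMPLATE_PROPERTIES = ("description", "displayName", "severity", "tactics", "techniques")

# Constructed sample template, shaped like the portal payload in the issue
# (not fetched from the service; description shortened).
SAMPLE_TEMPLATE = {
    "name": "0dd422ee-e6af-4204-b219-f59ac172e4c6",
    "kind": "ThreatIntelligence",
    "properties": {
        "displayName": "(Preview) Microsoft Threat Intelligence Analytics",
        "description": "This rule generates an alert when a Microsoft Threat "
                       "Intelligence Indicator gets matched with your event logs.",
        "severity": "Medium",
        "tactics": ["Persistence", "LateralMovement"],
        "techniques": [],
    },
}


def alert_rule_resource_id(subscription: str, resource_group: str,
                           workspace: str, rule_id: str) -> str:
    """ARM resource ID of a Sentinel alert rule, in the layout shown by the portal."""
    return (f"/subscriptions/{subscription}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.OperationalInsights/workspaces/{workspace}"
            f"/providers/Microsoft.SecurityInsights/alertRules/{rule_id}")


def build_ti_rule_body(template: dict, subscription: str, resource_group: str,
                       workspace: str, rule_id: str, enabled: bool = True) -> dict:
    """Return the PUT body for a ThreatIntelligence rule created from `template`.

    Raises ValueError if the template lacks any property the body needs, so a
    caller fails locally instead of with a BadRequest from the service.
    """
    props = template["properties"]
    missing = [p for p in TEMPLATE_PROPERTIES if p not in props]
    if missing:
        raise ValueError(f"template lacks required properties: {missing}")
    body = {
        "id": alert_rule_resource_id(subscription, resource_group, workspace, rule_id),
        "name": rule_id,
        "type": "Microsoft.SecurityInsights/alertRules",
        "kind": "ThreatIntelligence",
        "properties": {
            "enabled": enabled,
            "alertRuleTemplateName": template["name"],
        },
    }
    # Deep-copy list values (tactics, techniques) so later edits to the body
    # cannot silently change the cached template.
    for key in TEMPLATE_PROPERTIES:
        body["properties"][key] = copy.deepcopy(props[key])
    return body


def missing_required_properties(body: dict) -> list:
    """Pre-flight check: properties the portal's PUT carries that `body` lacks.

    An empty list means the body has the same property set as the working
    portal request; a body with only alertRuleTemplateName and enabled, like
    the one the issue reports as rejected, comes back with all five names.
    """
    props = body.get("properties", {})
    required = ("alertRuleTemplateName", "enabled") + TEMPLATE_PROPERTIES
    return [p for p in required if p not in props]


if __name__ == "__main__":
    rejected = {"kind": "ThreatIntelligence",
                "properties": {"alertRuleTemplateName": SAMPLE_TEMPLATE["name"], "enabled": True}}
    print("swagger-shaped body lacks:", missing_required_properties(rejected))
    ok = build_ti_rule_body(SAMPLE_TEMPLATE, "xxxx", "acctestrg", "acctestlaw",
                            "30d16e1a-4ddf-4ffb-a876-7a3da66132f4")
    print("portal-shaped body lacks:", missing_required_properties(ok))
```

The template document itself has to come from the alert rule templates listing of the workspace; this example takes it as an already-fetched dict so that the body construction can be exercised without credentials.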
I'm having a similar problem here, too: there seems to be a typing mismatch between the swagger and the SDK or service.